What is the iPhone zero-day vulnerability CISA warned about?

CVE-2025-43529 is a use-after-free vulnerability in WebKit, the browser engine used by Safari and other apps on Apple devices. Processing maliciously crafted web content can lead to memory corruption. Apple confirmed a second vulnerability, CVE-2025-14174, is also being actively exploited in the wild.

Are Android users also at risk?

Yes. CISA issued warnings for two Android vulnerabilities — CVE-2025-48572 and CVE-2025-48633 — which are privilege escalation and information disclosure threats targeting Android's core framework. Google's Chrome browser also carries its own active exploit via the ANGLE out-of-bounds memory access vulnerability.

What are the CISA update deadlines for federal employees?

Under CISA's Binding Operational Directive, federal agencies must update or stop using affected devices by the following deadlines: Android by December 23, Google Chrome by January 2, and iPhone and Apple devices by January 5. CISA strongly urges all organizations — not just federal agencies — to prioritize these updates.

Who is behind these cyberattacks?

The attacks are being driven by mercenary, commercial spyware. Attacks typically begin with targeted strikes on specific individuals, many of whom have been directly warned by Apple and Google. However, security experts warn the exploits will quickly spread to a wider range of threat actors once weaponized commercially.

AI & Emerging Technologies 28 DEC 2025

Feds Warn iPhone And Android Users, Zero Day Attacks Confirmed

Federal agencies warn iPhone and Android users of confirmed zero-day cyberattacks in December 2025

Dangerous December: Active Attacks Confirmed Across iPhone and Android

Dangerous December continues. The U.S. government has just warned iPhone and other Apple product users to update all devices now, with attacks already underway. Samsung, Pixel, and other Android users have already received a similar alert.

The latest warning from America's cyber defense agency concerns CVE-2025-43529 — a use-after-free vulnerability in WebKit, the browser engine that powers Safari and underpins all non-Apple browsers and apps on iOS. Processing maliciously crafted web content can trigger memory corruption, giving attackers a foothold on the device. The vulnerability affects a far wider surface than most users realize: any app using WebKit on an Apple device is potentially exposed.

Apple Confirms Second Vulnerability Under Active Exploitation

When Apple issued its emergency patches and confirmed attacks were underway, it also acknowledged that CVE-2025-14174 is being actively exploited. This second vulnerability had already been the subject of a CISA warning directed at all Google Chrome and Chromium browser users.

Chrome ANGLE exploit — CISA warning Google Chromium contains an out-of-bounds memory access vulnerability in ANGLE that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML page. The vulnerability affects all Chromium-based browsers and represents an active, confirmed exploit in the wild.

The pattern across these vulnerabilities is consistent: attackers are targeting the browser rendering layer — the code that processes web content — across both Apple and Google ecosystems simultaneously. This convergence of active exploits across competing platforms in a single period is highly unusual and signals a coordinated, well-resourced threat campaign.

Android Under Attack: Two Additional CISA Warnings

Dangerous December was initially kicked off by Google warning that Android is under attack. Google's operating system carries two active CISA warnings of its own. CVE-2025-48572 and CVE-2025-48633 are privilege escalation and information disclosure threats embedded in Android's core framework — meaning they affect a broad range of devices regardless of manufacturer.

CISA Binding Operational Directive — update deadlines Federal staff must update or stop using affected devices by the following deadlines: Android by Dec. 23 · Google Chrome by Jan. 2 · iPhone and all Apple devices by Jan. 5. While the directive applies to federal agencies, CISA strongly urges all organizations and individuals to remediate immediately.

Commercial Spyware Is Driving the Wave

Security researchers have traced the root of this escalation to mercenary, commercial spyware. These campaigns typically begin with targeted attacks on specific individuals — journalists, executives, government officials — many of whom have already been warned directly by Apple and Google through threat notifications. But the threat rarely stays contained.

"It will quickly become a must-have exploit for a range of threat actors," warned James Maude from BeyondTrust. Once a zero-day is confirmed and widely reported, it becomes a commodity on underground markets, dramatically expanding the pool of potential attackers within days or weeks.

What You Should Do Right Now

CISA's Binding Operational Directive makes updates mandatory for all federal staff. For everyone else, the guidance is unambiguous: update your iPhone, iPad, Mac, and all Apple devices to the latest available software. Update Chrome and all Chromium-based browsers immediately. If your Android device manufacturer has issued a December security patch, install it without delay. The scale and simultaneity of these warnings — spanning Apple, Google Chrome, and Android in a single month — underscores how rapidly the commercial spyware ecosystem is evolving and how exposed everyday users now are to tools once reserved for nation-state intelligence operations.

The Societal News Team Updated 28 DEC 2025

Follow Us!
It helps decentralize our presence across the web and it's completely free!
Instagram ➤
Youtube ➤
Substack ➤
X.com ➤
Telegram ➤
TikTok ➤